package com.amado.course45mysql02.dao;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

import com.amado.course45mysql02.domain.Student;

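/**
 * Updates rows of {@code t_student} from a {@link Student} value object.
 *
 * <p>The class offers two entry points that historically contrasted two ways of
 * building the UPDATE statement: string concatenation ({@link #update1}) and bound
 * parameters ({@link #update2}). Both now run the same parameterized statement, so
 * no field of {@code Student} is ever spliced into the SQL text.
 */
public class EmployeeUpdateDao {

	/** The only SQL text this class sends; every value is bound through a {@code ?} placeholder. */
	private static final String UPDATE_SQL =
			"update t_student set name=?,sex=?,age=?,phone=? where id=?";

	/**
	 * Updates the row whose id matches {@code student.getId()}.
	 *
	 * <p>Security note: this method used to assemble the statement by concatenating
	 * {@code name}, {@code sex}, {@code age}, {@code phone} and {@code id} into the SQL
	 * string (with {@code phone} not even quoted), which made it injectable: any field
	 * containing SQL syntax was parsed as part of the statement. It is kept only so that
	 * existing callers keep compiling, and now delegates to the parameterized
	 * implementation.
	 *
	 * @param student the new column values and the id of the row to update
	 * @throws NullPointerException if {@code student} is null
	 * @deprecated use {@link #update2(Student)}
	 */
	@Deprecated
	public void update1(Student student) {
		update2(student);
	}

	/**
	 * Updates the row whose id matches {@code student.getId()} using bound parameters.
	 *
	 * <p>A {@link SQLException} is printed to stderr and not propagated, as in the
	 * original code, so a caller cannot tell from the return whether the update ran.
	 * NOTE(review): consider surfacing the failure or the affected-row count in a new method.
	 *
	 * @param student the new column values and the id of the row to update
	 * @throws NullPointerException if {@code student} is null
	 */
	public void update2(Student student) {
		// Fail before a connection is taken, so a bad argument cannot leak one.
		if (student == null) {
			throw new NullPointerException("student");
		}
		Connection conn = DBConnection.getConn();
		PreparedStatement ps = null;
		try {
			ps = conn.prepareStatement(UPDATE_SQL);
			// JDBC placeholder indexes start at 1.
			ps.setString(1, student.getName());
			ps.setByte(2, student.getSex());
			ps.setShort(3, student.getAge());
			ps.setString(4, student.getPhone());
			ps.setLong(5, student.getId());
			ps.executeUpdate();
		} catch (SQLException e) {
			e.printStackTrace();
		} finally {
			// In finally so the statement and connection are released even when an
			// unchecked exception escapes the try body. The first argument stays null as
			// in the original call (presumably the result-set slot; an UPDATE has none).
			DBConnection.close(null, ps, conn);
		}
	}

	/** Demo entry point: updates the rows with id 5 and 6 through the parameterized path. */
	public static void main(String[] args) {
		EmployeeUpdateDao employeeUpdateDao = new EmployeeUpdateDao();
		employeeUpdateDao.update2(new Student((long)5,"张三29", (byte)0, "123123123", (short)100));
		employeeUpdateDao.update2(new Student((long)6,"张三28", (byte)0, "123123123", (short)100));
	}

}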
